TY - JOUR
T1 - Securing Spatial Data Infrastructures for Distributed Smart City applications and services
AU - Chaturvedi, Kanishk
AU - Matheus, Andreas
AU - Nguyen, S. H.
AU - Kolbe, Thomas H.
N1 - Publisher Copyright: © 2019 The Authors
PY - 2019/12
Y1 - 2019/12
AB - Smart Cities are complex distributed systems which may involve multiple stakeholders, applications, sensors, and IoT devices. In order to be able to link and use such heterogeneous data, spatial data infrastructures for Smart Cities can play an important role in establishing interoperability between systems and platforms. Based on the open and international standards of the Open Geospatial Consortium (OGC), the Smart District Data Infrastructure (SDDI) concept integrates different sensors, IoT devices, simulation tools, and 3D city models within a common operational framework. However, such distributed systems, if not secured, may cause a major threat by disclosing sensitive information to untrusted or unauthorized entities. Also, there are various users and applications who prefer to work with all the systems in convenient ways using Single-Sign-On. This paper presents a concept for securing distributed applications and services in such data infrastructures for Smart Cities. The concept facilitates privacy, security and controlled access to all stakeholders and the respective components by establishing proper authorization and authentication mechanisms. The approach facilitates Single-Sign-On (SSO) authentication by a novel combination in the use of the state-of-the-art security concepts such as OAuth2 access tokens, OpenID Connect user claims and Security Assertion Markup Language (SAML). An implementation of this concept for the district Queen Elizabeth Olympic Park in London is shown in this paper and is also provided as an online demonstration. Such access control and security federation based realization has not been considered in spatial data infrastructures for Smart Cities before.
KW - CityGML
KW - OAuth2
KW - SAML
KW - Security
KW - Single-Sign-On
KW - Smart Cities
UR - http://www.scopus.com/inward/record.url?scp=85069588985&partnerID=8YFLogxK
U2 - 10.1016/j.future.2019.07.002
DO - 10.1016/j.future.2019.07.002
M3 - Article
AN - SCOPUS:85069588985
SN - 0167-739X
VL - 101
SP - 723
EP - 736
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -